From FAR and NEAR: Exploiting Overflows on Windows 3.x presented at toorcon2018SanDiego 2018

by Jacob Thompson,

Summary : This talk covers finding a buffer overflow vulnerability in some old Windows 3.x-based Internet software and constructing a payload to exploit it. The segmented memory model of 16-bit x86 code complicates exploitation and provides accidental defenses similar to ASLR and DEP. I walk through finding the exploit, developing a ROP chain and shellcode, culminating in the calculator.What if I told you that Windows 3.x provided Data Execution Prevention and a crude form of Address Space Layout Randomization? The segmented memory model that made 16-bit x86 code difficult to program also complicates building an exploit. Blending nostalgia and plain curiosity into exploiting "weird" systems, I demonstrate what may be the first public writeup (try Googling for one) of a buffer overflow targeting a Windows 3.x application, complete with ROP chain and shellcode. Everyone loves a good exploit and demo or just shuffling program groups--so stop by for a look back into the four-megabyte era equipped with a copy of Visual Studio 1.52c and modern techniques.